Dan Lorenc is the founder and CEO of Chainguard and a seasoned software leader with 13 years of experience building developer infrastructure, cloud tooling, and supply-chain security. After nearly a decade at Google, he helped start and maintain widely used open-source projects such as Minikube, Skaffold, Distroless, Tekton, Sigstore and SLSA, blending deep backend and DevOps expertise. He is a hands-on engineer who has implemented core security features—OAuth flows, certificate issuance, key management and transparency logs—across sigstore and related projects. Based in the NYC area, Dan combines product-level vision with low-level implementation chops, from CI/CD and Bazel rules to container signing and provenance. A mechanical engineering graduate from MIT, he brings a practical, systems-oriented mindset to securing modern software delivery.
13 years of coding experience
14 years of employment as a software developer
Bachelor of Science (B.S.), Mechanical Engineering at Massachusetts Institute of Technology
Code signing and transparency for containers and binaries
Role in this project:
Back-end & DevOps Engineer
Contributions: 2 releases, 1104 reviews, 256 commits in 1 year 3 months
Contributions summary: Dan's commits primarily focus on the development and refinement of the command-line interface (CLI) for the cosign tool, including skeleton implementations of key functionality such as signing, verification, and attestation. He implemented the core structure of a CLI application that allows for secure container and binary signing. He also added support for "keyless" signing and for verifying annotations on signatures. The changes indicate an understanding of building secure and reliable software distribution tools.
Common Go library shared across sigstore services and clients
Role in this project:
Back-end & Security Engineer
Contributions: 284 reviews, 20 commits, 236 PRs in 11 months
Contributions summary: Dan primarily contributed to the core functionality of the `sigstore/sigstore` repository, focusing on identity and security aspects. He implemented a device flow for OAuth authentication, added support for static identity tokens, and refactored IDToken handling. Additionally, he modified the Rekor dependency and implemented DSSE signing and verification wrappers. He also made changes to the KMS integration, addressing issues and improving the key management system, indicating involvement in security-related backend tasks.
Tags: cosign, golang, shared-library, security, supply-chain